Method for Issuing Identity Certificate to Blockchain Node and Related Apparatus

1. A method for issuing identity certificates, performed by a certificate authority system having multi-tier certificate authority nodes in a blockchain network, the method comprising: issuing a first identity certificate to a first terminal as a blockchain node of the blockchain network through a first-tier certificate authority node from the multi-tier certificate authority nodes; receiving a second identity certificate issuance request that is from the first terminal and that is made by using the first identity certificate; issuing a second identity certificate to the first terminal through a second-tier certificate authority node from the multi-tier certificate authority nodes, wherein the first terminal forwards the second identity certificate to a second terminal as a blockchain node of the blockchain network; receiving a third identity certificate issuance request that is from the second terminal and that is made by using the second identity certificate; and issuing a third identity certificate to the second terminal through a third-tier certificate authority node from the multi-tier certificate authority nodes, wherein the second terminal forwards the third identity certificate to a third terminal as a blockchain node of the blockchain network.

2. The method according to claim 1, wherein the second identity certificate issuance request is generated in response to a registration request transmitted by the second terminal to the first terminal; and wherein the third identity certificate issuance request is generated in response to a registration request transmitted by the third terminal to the second terminal having the second identity certificate.

3. The method according to claim 1, wherein the method further comprises: generating a root certificate authority node; generating a root certificate through the root certificate authority node; and generating the first-tier certificate authority node, the second-tier certificate authority node, and the third-tier certificate authority node based on the root certificate.

4. The method according to claim 1, wherein the third-tier certificate authority node comprises a certificate authority node of a service node, a certificate authority node of a non-service node, and a personal certificate authority node, wherein the third terminal comprises a service node unit terminal, a non-service node unit terminal, and a personal terminal.

5. The method according to claim 4, further comprising: issuing a proxy node initiation identity certificate to a proxy node through the first-tier certificate authority node.

6. The method according to claim 1, wherein after the issuing the first identity certificate, the method further comprises: receiving a third identity certificate issuance request that is from the first terminal and that is made by using the first identity certificate, the third identity certificate issuance request being generated in response to a registration request transmitted by the third terminal to the first terminal through the second terminal; and issuing a third identity certificate to the first terminal through the third-tier certificate authority node, so that the first terminal forwards the third identity certificate through the second terminal to the third terminal.

7. The method according to claim 1, wherein the issuing the first identity certificate through the first-tier certificate authority node further comprises: generating a public key and a private key of the first terminal by using the first-tier certificate authority node; and generating the first identity certificate for the first terminal, the first identity certificate comprising the public key of the first terminal.

8. The method according to claim 7, wherein the issuing the first identity certificate through the first-tier certificate authority node further comprises: transmitting the first identity certificate and the private key of the first terminal to the first terminal.

9. The method according to claim 1, wherein the issuing a second identity certificate to the first terminal through the second-tier certificate authority node further comprises: performing authentication on registration information by using the second-tier certificate authority node.

10. The method according to claim 9, wherein the issuing a second identity certificate to the first terminal through the second-tier certificate authority node further comprises: in response to the authentication succeeding, generating a public key and a private key of the second terminal for the second terminal; and generating the second identity certificate for the second terminal, the second identity certificate comprising the public key of the second terminal.

11. The method according to claim 10, wherein the issuing a second identity certificate to the first terminal through the second-tier certificate authority node further comprises: transmitting the second identity certificate and the private key of the second terminal to the first terminal, so that the first terminal forwards the second identity certificate and the private key of the second terminal to the second terminal.

12. The method according to claim 11, wherein the method further comprises: transmitting, by the second terminal, the second identity certificate to another blockchain node.

13. The method according to claim 12, wherein the method further comprises: signing, by the second terminal by using the private key of the second terminal, a signature to content to be transmitted to the another blockchain node; and transmitting, by the second terminal, the content and the signature to the another blockchain node together.

14. The method according to claim 1, wherein the issuing a third identity certificate to the second terminal through the third-tier certificate authority node further comprises: performing authentication on a registration information of a grassroots unit by using the third-tier certificate authority node.

15. The method according to claim 14, wherein the issuing a third identity certificate to the second terminal through the third-tier certificate authority node further comprises: in response to the authentication succeeding, generating a public key and a private key of the third terminal for the third terminal; and generating the third identity certificate for the third terminal, the third identity certificate comprising the public key of the third terminal.

16. The method according to claim 15, wherein the issuing a third identity certificate to the second terminal through the third-tier certificate authority node further comprises: transmitting the third identity certificate and the private key of the third terminal to the second terminal, so that the second terminal forwards the third identity certificate and the private key of the third terminal to the third terminal.

17. The method according to claim 16, wherein the method further comprises: transmitting, by the third terminal, the third identity certificate to another blockchain node.

18. The method according to claim 17, wherein the method further comprises: signing, by the third terminal using the private key of the third terminal, a signature to content to be transmitted to the another blockchain node; and transmitting, by the third terminal, the content and the signature to the another blockchain node together.

19. A non-transitory computer readable medium with instructions contained thereon that, when executed by a processor, cause the processor to issue identity certificates to blockchain nodes in a blockchain network, wherein the blockchain nodes comprise a first terminal, a second terminal, a third terminal, and a certificate authority system having multi-tier certificate authority nodes; and wherein the processor is configured to execute the instructions to: issue a first identity certificate to the first terminal through a first-tier certificate authority node from the multi-tier certificate authority nodes; receive a second identity certificate issuance request that is from the first terminal and that is made by using the first identity certificate; issue a second identity certificate to the first terminal through a second-tier certificate authority node from the multi-tier certificate authority nodes, wherein the first terminal forwards the second identity certificate to the second terminal; receive a third identity certificate issuance request that is from the second terminal and that is made by using the second identity certificate; and issue a third identity certificate to the second terminal through a third-tier certificate authority node from the multi-tier certificate authority nodes, wherein the second terminal forwards the third identity certificate to the third terminal.